Cross-site request forgery (CSRF) vulnerability in ESAdmin/security.do in the administrator interface in IBM OmniFind Enterprise Edition before 9.1 allows remote attackers to hijack the authentication of administrators for requests that add an administrative user via a saveNewUser action.
References
Configurations
Configuration 1 (hide)
|
Information
Published : 2010-11-12 13:00
Updated : 2018-10-10 13:05
NVD link : CVE-2010-3891
Mitre link : CVE-2010-3891
JSON object : View
CWE
CWE-352
Cross-Site Request Forgery (CSRF)
Products Affected
ibm
- omnifind